- Issue created by @candalt
In some cases we get a "CAPTCHA session reuse attack detected." in our logs. I suspect that this could in some cases be due to the fact that the user has spent a long time on the site before submitting the form, e.g. reading a lot of text first.
The standard setting for PHP session.gc_maxlifetime is 1440 seconds. Also the table holding the sessions "captcha_sessions" is purged via cron, where records older than session.gc_maxlifetime are deleted.
So if a user loads a page with captcha (we are using the Math captcha), spends a lot of time on the page, and then decides to submit something, it is possible that cron has already run and deleted the user's corresponding record with token information related to the captcha. The captcha module then responds with a "CAPTCHA session reuse attack detected." message.
The user has to spend more than 1440 seconds on the page, but then this could happen.
Active
2.0
Code
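
The failure mode reported above, as an added Python model that is not the CAPTCHA module's code: a cron purge removes the row for a slow user, and a validator that treats every missing row as reuse logs an attack. The table layout, function names and the HMAC-signed issue time used to tell "expired" from "reuse" are assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3

MAX_LIFETIME = 1440            # seconds; the session.gc_maxlifetime default cited in the issue
KEY = secrets.token_bytes(32)  # assumed per-site secret used to sign the issue time

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE captcha_sessions (csid INTEGER PRIMARY KEY AUTOINCREMENT,"
               " token TEXT, solved INTEGER, ts INTEGER)")
    return db

def sign(csid, ts):
    return hmac.new(KEY, f"{csid}:{ts}".encode(), hashlib.sha256).hexdigest()

def issue(db, now):
    """Form render: store a one-time token, return the values the form carries."""
    cur = db.execute("INSERT INTO captcha_sessions (token, solved, ts) VALUES ('', 0, ?)", (now,))
    csid = cur.lastrowid
    token = sign(csid, now)
    db.execute("UPDATE captcha_sessions SET token = ? WHERE csid = ?", (token, csid))
    return csid, token, now

def cron_purge(db, now):
    """Cron job: delete records older than MAX_LIFETIME."""
    db.execute("DELETE FROM captcha_sessions WHERE ts < ?", (now - MAX_LIFETIME,))

def validate_naive(db, csid, token):
    """Model of the reported behaviour: a missing (or already solved) row reads as reuse."""
    row = db.execute("SELECT solved FROM captcha_sessions WHERE csid = ? AND token = ?",
                     (csid, token)).fetchone()
    if row is None or row[0]:
        return "reuse"
    db.execute("UPDATE captcha_sessions SET solved = 1 WHERE csid = ?", (csid,))
    return "ok"

def validate_with_expiry(db, csid, token, issued, now):
    """Check the signed issue time first, so a stale genuine token is not logged as an attack."""
    if not hmac.compare_digest(token, sign(csid, issued)):
        return "invalid"   # token or issue time was tampered with
    if now - issued > MAX_LIFETIME:
        return "expired"   # present a fresh challenge instead of an attack message
    return validate_naive(db, csid, token)
```

A token that is replayed inside the lifetime still returns "reuse", so the replay check itself is not weakened by the expiry branch.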